We use cookies to ensure that we give you the best experience on our website. If you continue we'll assume that you are happy to receive all cookies on the SupplierAssurance website.

Privacy policy

This Policy explains when and why we collect personal information about people who use our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you're happy with any changes. By using our website, you're agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to privacy@nqc.com or by writing to NQC Ltd, 6th Floor, The Hive, 51 Lever Street, Manchester, M1 1FN. Alternatively, you can telephone +44 (0) 161 413 7983.

Who are we?

We're NQC Holdings Ltd, we support our clients to manage risk and compliance in global supply chains via our online platforms. We are the Data Controller for the website and the personal information we collect and hold.

How do we collect information from you?

We obtain information about you when you use our website and submit information about your organisation and it's practices, for example, when you register on our platform and complete one of our online assessments as requested by one of your customers. We may also collect your personal information over the telephone when you speak to one of our Support Representatives.

What type of information is collected from you?

The general categories of personal data that we may process are provided in detail below. In addition, we also may obtain your personal data from other sources and not directly from you, and this is explained in more detail in this section.

The personal information we collect might include your name, business address, business email address, IP address, and information regarding what pages are accessed and when. Further details are as follows:

We may process your basic contact details ("contact details"). The contact details may include your name, business email address, business address and business telephone number. The source of the contact details will either by you or someone in your organisation or shared with us by one of your customers. The contact details data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely providing our services to our customers where the details have been provided by a third party source and the legal basis for this processing where you have provided the information is consent.

We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.

We may process information contained in any enquiry you submit to us regarding our services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant services to you or for supporting your interaction with our website. The legal basis for this processing is consent.

We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms or the live chat services. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.

As part of the completion process of our online assessments, you may also be required to share the personal information of others, you must ensure you obtain their permission to add their details into our assessments. We will assume that you have their permission to do so where you have included such data. Their details may be shared with other users of our website, as explained below.

If you purchase an online assessment from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.

How is your information used?

We may use your information to:

contact you (via telephone or email) to request the completion of one of our online assessments, typically on behalf of one of your customers;

process an online assessment payment that you have submitted;

to carry out our obligations arising from any contracts entered into by us;

seek your views or comments on the services we provide;

notify you of changes to our services, and;

send you communications which you have requested and that may be of interest to you. These may include information about our products and services.

We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Other Organisations registered on our website: Our websites are designed to be collaborative and to enable organisations and their nominated users to share completed online assessments with other organisations. Your personal details (name, business email address etc.) will typically be linked to a completed assessment and therefore we may pass your information to other organisations as part of this sharing process. We share this information for the purposes of fulfilling our contractual obligations. We will only share the contents of a completed assessment where you have given us permission to do so. This permission is know as “sharing” on our website and can be managed through the Sharing functions within your online account.

Third Party Service Providers working on our behalf: We may pass your information to our third party service providers for the purposes of completing tasks and providing services to you on our behalf (for example to process a payment for an online assessment, to validate a specific assessment response). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

When you are using our secure online payment pages, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we're under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us then you can select your email notification choices within your user account. You will be asked to opt-in to these notifications when you register on our website.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by updating your email notification choices within your user account. If you need help to do this, you can contact one of our Support Representatives by email at support@nqc.com or by telephone on +44 (0) 161 413 7983.

How you can access and update your information?

The accuracy of your information is important to us. You can access your online account at any time to view the personal data and change the information we hold about you (business telephone number, business address etc.). As we use your business email address as the primary way to identify and communicate with you, if you specifically need to amend your email address, you can telephone +44 (0) 161 413 7983 or email support@nqc.com.

You have the right to ask for a copy of the information NQC hold about you and we reserve the right to charge £10 for information requests where the same information has been requested repeatedly to cover our costs in providing you with details of the information we hold about you. You can access this information yourself via your online account. To do this, visit your Dashboard, click your Name on the top right of the web page and under Options select 'Export Personal Data'.

How can you delete or move the information we hold about you?

Allowing our users to remove their data is important to us. You have the right to the erasure of your personal data due to the fact that the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you want to withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; or you think the personal data has been unlawfully processed. If you would like your data to be removed from our website then please contact us using the details below. We will act promptly and work with you to remove your data. We will also consider who else we may need to inform of the removal e.g. other organisations who you have shared your information with.

You may also want to receive all the personal data we hold about you or transfer it to another data controller/processor depending on the technical feasibility. Our website enables you to export data in a structured, commonly used and machine readable format and we also have a number of APIs that can be used by another data controller/processor to transfer data between systems.

What security precautions do we have in place to protect the loss, misuse or alteration of your information?

When you give us personal information, we take steps to ensure that it's treated securely. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Any sensitive information is encrypted and protected with up to 256 bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We are ISO 27001 certified and have a comprehensive Information Security Management System in place within the organisation. This ensures we have robust organisational processes and procedures in place to manage our operations. We have also implemented a number of technical security measures to protect your data including two factor authentication (where required) and data encryption (both in motion and at rest) etc. We undertake regular penetration tests of our websites to simulate potential attacks on our servers to evaluate the security of the system. We also regularly test our business continuity plans and our ability to quickly restore our website and it's content if required.

How does the website use 'cookies'?

Like many other websites, our website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.

Our cookies are used to:

measure how you use the website so it can be updated and improved based on your needs

remember the notifications you've seen so that we don't show them to you again

Our introductory message

You may see a pop-up welcome message when you first visit our website. We'll store a cookie so that your computer knows you've seen it and knows not to show it again.

Name

Purpose

Expires

NQCSCRIMSEEN_COOKIE

Saves a message to let us know that you have seen our cookie message

30 days

Session cookies

We set cookies to help manage your progress within the site. These cookies don't store your personal data and are deleted when you leave the site.

Name

Purpose

Expires

NQCSCRIM_AUTH

Provides the site with your account details once you've logged in

When you close your browser

NQCSCRIM_USER_BROWSER

Provides id that may uniquely identify your browser to your account

10 years

NQCSCRIM_PAGE_TIMEOUT

Ensures an unactive browser tab does not log you out of another tab

When you close your browser

NQCSCRIM_PAGE_ACTIVE

Ensures an unactive browser tab does not log you out of another tab

When you close your browser

NQCSCRIM_PAGE_LASTPOLL

Ensures an unactive browser tab does not log you out of another tab

When you close your browser

Do we have links to other websites?

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Will we transfer your information outside of Europe?

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK. By submitting your personal data, you're agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

How will NQC review this Policy?

We keep this Policy under regular review. This Policy was last updated in May 2018.

We reserve the right to change or update this Policy from time to time. If material changes are made, we will place a prominent notice on our Website for at least 30 days prior to the change taking effect, or communicate with you directly by email or through Notifications within your online account, and will update the last revised date at the bottom of this Policy.

How can I contact NQC if I have any questions?

If you have any questions or concerns regarding the use or disclosure of your personal information through the website, you can contact NQC by sending an email to privacy@nqc.com.

How can I lodge a complaint about your data handling?

We hope that we can resolve any query or concern you raise about our use of your information. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/.